hi,
can't seem to aggregate port1 and port2 in a FG-201F.
i already factory reset the device.
i don't see port1 and port2 listed/available for the new aggregate interface (po1).
ports1-4 are patched to our cisco switch and they're green/up.
FW01 # config system interface
FW01 (interface) # edit "po1"
new entry 'po1' added
FW01 (po1) # set vdom "root"
FW01 (po1) # set type aggregate
FW01 (po1) # set member "port1" "port2"
node_check_object fail! for interface-name port1
value parse error before 'port1'
Command fail. Return code -651
FW01 (po1) # set member
interface-name Physical interface name.
ha interface
port17 interface
port18 interface
port19 interface
port20 interface
port21 interface
port22 interface
port23 interface
port24 interface
x1 interface
x2 interface
x3 interface
x4 interface
FW01 # show system interface
name Name.
ha static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
l2t.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel disable
lan static 0.0.0.0 0.0.0.0 192.168.100.99 255.255.255.0 up disable hard-switch disable
mgmt static 0.0.0.0 0.0.0.0 192.168.1.99 255.255.255.0 up disable physical disable
modem pppoe 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 down disable physical disable
naf.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel disable
po1 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable aggregate disable
port1 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port2 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port3 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port4 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port5 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port6 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port7 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port8 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port9 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port10 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port11 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port12 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port13 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port14 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port15 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port16 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port17 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port18 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port19 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port20 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port21 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port22 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port23 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port24 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
ssl.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel disable
x1 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
x2 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
x3 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
x4 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
FW01 # get system interface physical
== [onboard]
==[ha]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[mgmt]
mode: static
ip: 192.168.1.99 255.255.255.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port1]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port2]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port3]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port4]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
<SNIP>
i saw it has a virtual switch and took the first 16 ports.
how do i "delete" the virtual switch in CLI and free up these 16 ports?
FW01 # config system virtual-switch
FW01 (virtual-switch) # show
config system virtual-switch
edit "lan"
set physical-switch "sw0"
config port
edit "port1"
next
edit "port2"
next
edit "port3"
next
edit "port4"
next
edit "port5"
next
edit "port6"
next
edit "port7"
next
edit "port8"
next
edit "port9"
next
edit "port10"
next
edit "port11"
next
edit "port12"
next
edit "port13"
next
edit "port14"
next
edit "port15"
next
edit "port16"
next
end
next
end
hi,
i tried to "free up" ports1-16 under the virtual-switch but can't delete "lan"
could someone advise what is the correct step/CLI?
FW01 # config system virtual-switch
FW01 (virtual-switch) # edit "lan"
FW01 (lan) # config port
FW01 (port) # delete port1
FW01 (port) # delete port2
FW01 (port) # delete port3
FW01 (port) # delete port4
FW01 (port) # delete port5
FW01 (port) # delete port6
FW01 (port) # delete port7
FW01 (port) # delete port8
FW01 (port) # delete port9
FW01 (port) # delete port10
FW01 (port) # delete port11
FW01 (port) # delete port12
FW01 (port) # delete port13
FW01 (port) # delete port14
FW01 (port) # delete port15
FW01 (port) # delete port16
FW01 (port) # end
FW01 (lan) # end
FW01 # config system virtual-switch
FW01 (virtual-switch) # delete
*name Name of the virtual switch.
lan
FW01 (virtual-switch) # delete lan
intf lan is used
command_cli_delete:6826 delete table entry lan unset oper error ret=-23
Command fail. Return code -23
Hi @johnlloyd_13,
If you delete the port from the virtual switch, it should be freed up. Can you check again?
also, how do i remove these interface/config?
how to find its dependency. i lost GUI MGMT so i'm left with console/CLI only.
edit "lan"
set vdom "root"
set allowaccess ping https ssh fgfm fabric
set type hard-switch
set stp enable
set role lan
set snmp-index 35
next
edit "fortilink"
set vdom "root"
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 36
FW01 # config system interface
FW01 (interface) # delete lan
The entry is used by other 1 entries
Command fail. Return code -23
FW01 (interface) # delete fortilink
The entry is used by other 1 entries
Command fail. Return code -23
Hi @johnlloyd_13,
I believe 'lan' is a default hardware switch and you can't delete it. However, you can just remove physical interfaces from it. To find object dependencies, please refer to the following links:
Regards,
Created on 01-12-2024 08:12 AM Edited on 01-12-2024 08:13 AM
You can always do "show | grep -f fortilink" at the top hierarchy of CLI tree.
But I believe the fortilink is always used in 1. config sys DHCP server and 2. config sys ntp.
For DHCP server you can simply remove it (likely "edit 2"). But for NTP, you can either disable the server mode (if you're not using the FGT as NTP server for devices on other interfaces) or remove the fortilink from the interface list.
Below is from 40F, but I think it's the same on 20xF.
config system ntp
set ntpsync enable
set server-mode enable
set interface "fortilink" <--- reference, "set server-mode disable" would remove this.
end
Toshi
hi,
i already removed NTP config.
FW01 # config system ntp
FW01 (ntp) # show
config system ntp
end
i saw there was a DHCP dependency for fortilink. deleted it and was able to remove fortilink. many thanks for your help!
FW01 # show | grep -f fortilink
config system interface
edit "fortilink" <---
set vdom "root"
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 36
next
end
config system dhcp server
edit 3
set ntp-service local
set default-gateway 10.255.1.1
set netmask 255.255.255.0
set interface "fortilink" <---
set vci-match enable
set vci-string "FortiSwitch" "FortiExtender"
next
end
config switch-controller storm-control-policy
edit "auto-config"
set description "storm control policy for fortilink-isl-icl port" <---
set storm-control-mode disabled
next
end
FW01 # config system dhcp server
FW01 (server) # delete 3
FW01 (server) # end
FW01 #
FW01 # config system interface
FW01 (interface) # delete fortilink
FW01 (interface) # end
FW01 #
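The dependency search used above, run offline against saved `show` output, as an added example that is not part of the original thread. `find_references` and the sample text are hypothetical and constructed from the output quoted here. It matches the object name as a whole token, so the storm-control description that `grep -f fortilink` also returned is not reported as a dependency.

```python
import shlex

# Constructed sample, trimmed from the CLI output quoted in this thread.
SAMPLE = '''\
config system virtual-switch
    edit "lan"
        config port
            edit "port1"
            next
        end
    next
end
config system interface
    edit "fortilink"
    next
end
config system dhcp server
    edit 3
        set interface "fortilink"
    next
end
config switch-controller storm-control-policy
    edit "auto-config"
        set description "storm control policy for fortilink-isl-icl port"
    next
end
'''

def find_references(config_text, name):
    """Return (path, line) for each line naming `name` as a whole token.

    Assumes `show`-style text with single-line values (hypothetical helper).
    """
    stack, hits = [], []
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok))
        elif tok[0] == "edit" and len(tok) > 1:
            if tok[1] == name:  # the object itself, or a table row such as a switch port
                hits.append((" > ".join(stack), raw.strip()))
            stack.append("edit " + tok[1])
        elif tok[0] in ("next", "end") and stack:
            if stack[-1].startswith("edit "):
                stack.pop()  # close the open edit entry
            if tok[0] == "end" and stack:
                stack.pop()  # "end" also closes the enclosing config block
        elif tok[0] == "set" and name in tok[2:]:
            hits.append((" > ".join(stack), raw.strip()))
    return hits
```

Searching the sample for "port1" returns its membership row under the "lan" virtual switch, which is why the port is not offered as an aggregate member until it is removed from there.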
Hello
To recover WebUI access, just configure your management interface like this:
config system interface
edit mgmt
set ip 192.168.1.99/24
set allowaccess ping https ssh
next
end
You probably don't need to delete your "lan" and "fortilink" interfaces, just leave one unused interface in there and free up the others.